nmap - checking open ports and footprinting
MSF - Metasploit framework
DIRB - enumerate files on webserver
Wireshark - network analytics
Wfuzz - bruteforcing web applications
sqlmap - detection and exploitation of SQL injection flaws
Binwalk - search given binary image for embedded files and executable code
Nikto - web server scanner
Burp Suite - integrated platform for performing security testing of web applications
THC-Hydra - parallelized login cracker
Hashcat - password recovery utility
WPScan - black box WordPress vulnerability scanner
exploitdb - searchable archive from The Exploit Database
Lynis - open source security auditing tool
SPARTA - Network Infrastructure Penetration Testing Tool